package com.lute.controller;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.security.oauth2.common.json.JSONException;
import org.springframework.security.oauth2.common.json.JSONObject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

import com.lute.model.Admin;
import com.lute.model.Role;
import com.lute.model.User;
import com.lute.utils.ServerErrorResponse;

@Controller
public class AddNewAdministratorServlet {
	
	@RequestMapping(value="/addNewAdmin", method = RequestMethod.POST,headers = "Content-type=application/json")
	public @ResponseBody String addNewAdmin(@RequestBody String adminJSON, HttpServletRequest request) throws JSONException {	
		String result = "";
		String firstName;
		String lastName;
		String email;
		JSONObject jsonReq;
		JSONObject jsonRes = new JSONObject();
		
		HttpSession session = request.getSession(false);
		if(session == null) {
			jsonRes.put("result", ServerErrorResponse.USER_NOT_LOGGED_IN.toString());
			result = jsonRes.toString();
			return result;
		}
		
		try {
			jsonReq = new JSONObject(adminJSON);
			firstName = jsonReq.getString("firstName");
			lastName = jsonReq.getString("lastName");
			email = jsonReq.getString("email");
		} catch(JSONException e) {
			jsonRes.put("result", ServerErrorResponse.MALFORMED_REQUEST.toString());
			result = jsonRes.toString();
			return result;
		}
		
		/* check if json data was not malformed */
		if((jsonReq.isNull("firstName")) && (jsonReq.isNull("lastName")) && (jsonReq.isNull("email"))) {
			jsonRes.put("result",ServerErrorResponse.MALFORMED_REQUEST.toString());
			result = jsonRes.toString();
			return result;
		}
		
		String role = (String)session.getAttribute("role");
		
		/* check  authorization */
		if(!(role.equals("admin"))) {
			jsonRes.put("result", ServerErrorResponse.USER_NOT_ENTITLED.toString());
			result = jsonRes.toString();
			System.out.println(result);
			return result;
		}
		
		
		Admin admin = new Admin();
		Role adminRole = Role.getRoleFromDB("admin");
		admin.setFirst_name(firstName);
		admin.setLast_name(lastName);
		admin.setEmail(email);
		admin.setRole(adminRole);
		
		/* add new administrator to DataBase */
		User.addUserToDB(admin);
		
		jsonRes.put("result","OK");
		result = jsonRes.toString();
		return result;
	}
}
